On Sat, Feb 10, 2007 at 01:09:19AM +0100, Moritz Muehlenhoff wrote:
> Jeroen van Wolffelaar wrote:
> > Package: pdns-server
> > Version: 2.9.20-7
> > Severity: serious
> > Tags: security
> >
> > (serious because what I see looks like a buffer overflow, however, I
> > didn't look into the code yet, so I make no claims as to whether this is
> > exploitable)
>
> Despite having a team in the maintainer field and being RC this bug log
> shows no visible reaction since a month. If it's unmaintained we shouldn't
> include it in Etch.

One note, for all the bugs that I reported, it seemed limited to the bind backend, and one not-yet-reported bug about it is that it actually often 'forgets' zones too (not reported yet because I wanted to try to reproduce on etch instead of on sarge, I will report it this weekend).

Reportedly, the other backends work just fine, and also, those are the backend configurations in which pdns sees wide deployment (the use case for pdns with bind backend is pretty limited).

An option, therefore, is to have a pdns uploaded without the bind backend, and a NEWS.Debian stating that "sorry, no bind backend available, because it's not of release quality" or something.

Since other than our brief attempt at using pdns-with-bind-backend, I'm not having any experience with pdns, I don't feel comfortable making this change (and decision) myself, it's also pretty invasive so not typically something to do in a NMU.

--Jeroen

--
Jeroen van Wolffelaar
[EMAIL PROTECTED] (also for Jabber & MSN; ICQ: 33944357)
http://Jeroen.A-Eskwadraat.nl